WebApp Sec mailing list archives
Smarter Mail All Versions - Privilege Escalation
From: Mark Litchfield <mark () securatary com>
Date: Mon, 03 Feb 2014 12:06:33 -0800
This attack will allow a regular SmarterMail user to elevate their privileges to Domain Administrator.
I tried to contact Smartmail with the usual security email aliases, apparently they do not have any. I posted to their forum for a contact and all I got was an email stating check you are running the latest version then if you like please contact us at sales () smartertools com
I personally do not want to run around here and there on my own time. Maybe they should consider a more different approach to people trying to report security issues. A good start would be security () smartertools com
A step by step with the usual screen shots at - http://www.securatary.com/vulnerabilities
All the best Mark Litchfield www.securatary.com This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE.Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------
Current thread:
- Smarter Mail All Versions - Privilege Escalation Mark Litchfield (Feb 03)
- <Possible follow-ups>
- RE: Smarter Mail All Versions - Privilege Escalation Martin O'Neal (Feb 04)